Microsoft Autopilot for Imaging Computers – An Overview

Businesses are always in search of faster ways to manage their IT operations in the fast-moving digital world of today.  In the area of computer imaging and staging, major progress has been made recently.  Technology departments or IT departments normally dedicate a lot of time and resources to setting up new computers (or refurbishing old ones), installing operating systems, installing, and configuring programs specific to the department or person(s) that would be using it.  All of these processes can easily be done now with cloud based services such as Microsoft Autopilot.  Microsoft Autopilot provides a hassle free approach to deploying and managing systems.

 

So what is Microsoft Autopilot?

 Microsoft Autopilot is a cloud based service that allows IT professionals to setup and roll out new computers running Windows 10 or Windows 11 quickly. It simplifies the initial getting started process for their end users by automating the setup and configuration process. Using Autopilot, IT departments can make use of online tools to setup computers remotely and reducing the need for in-person configuration!

 

Some of the key benefits of Microsoft Autopilot:

• Easier Deployment – Microsoft Autopilot makes deployment easier and eliminates the traditional imaging process of creating and maintaining custom images for different hardware configurations.  IT administrators instead can create deployment profiles and policies using the Microsoft Endpoint Manager system to keep their systems uniform.

•  Zero-touch Provisioning – with Microsoft Autopilot, companies can order their computers and have them shipped directly from the factory, once they arrive and are set up, the end user would simply turn on the computer and complete the setup process themselves without the need of having IT staff on-site to setup and configure everything. This type of deployment would obviously depend on the competency level of the end user to be able to handle all of this, of course, so some companies might have to deploy tech staff but even then the work they would do would be less time consuming.

• User Driven Experience – Microsoft Autopilot gives an experience that users can control, which allows them to adjust settings and add applications designed for their specific needs during the initial setup.  This allows users to help themselves while maintaining compliance with security requirements and keeping with company policies.

• Increased Security – using Microsoft Autopilot together with Microsoft Intune, allows IT administrators to apply and enforce appropriate security policies, adjust settings on the computer, and allow the installation of software updates without having to be in front of the computer by doing it remotely.  Making sure that computers are maintaining compliance with company standards as well as protecting them from possible threats that come with out of date updates.

 

Getting started with Microsoft Autopilot

There are a few steps you need to process in order to start using Microsoft Autopilot.  Below is just an overview of these steps.

• You will need to prepare your environment before deploying devices with Microsoft Autopilot, you will need to ensure that your company has valid Microsoft 365 subscriptions and access to the Micorsoft Endpoint Manager portal.  Also, you will need to register your companies devices with Microsoft Autopilot and configure the device enrollment settings.
• You will need to create the Deployment Profiles using the Microsoft Endpoint Manager portals, you will create and configure the deployment profiles for your company needs, this will determine how the devices are provisioned. Among the settings configured in the deployment profile are the language, region, network configurations and user authentication methods.
• You will need to upload device information, including hardware IDs (such as computer serial numbers or device hashes) and purchase information to the Microsoft Autopilot service. This allows it to identify and register the computer(s) when they are turned on for the very first time.
• Assigning profiles to computers once they are registered and their information has been uploaded is fairly easy. You’ll assign the deployment profile to specific computers or groups of computers, this will make sure each computer downloads the proper configuration settings during the initial setup.
• As mentioned before, with Microsoft Autopilot computers can be shipped out from the manufacturer to your end user without having to staged and imaged by your in house tech staff. Instead your end users simply power on the computer and follow the on screen instructions and complete the initial setup!
• You will be able to monitor the deployment process through the Microsoft Endpoint Manager portal to make sure that computers are properly enrolled and configured based on the deployment profiles you have created.
  
• It is recommended that you ask for and record any feedback from your end users and other administrators.  Using this feedback you can better tweak the settings and improve the deployment process using Microsoft Autopilot to improve the user experience, satisfaction and efficiency along the way.

Hopefully you found this information useful to determine whether or not using Microsoft Autopilot can give you and your company a fresh method of creating, imaging, and staging computers to make it easy to distribute and manage.

 

How to Integrate Microsoft Authenticator Into Your Company's Environment

 

In today's world, ensuring the security of your company's data and systems is of upmost importance. One effective way to increase your organization's security measures is by implementing multi-factor authentication also referred to as MFA.

Microsoft Authenticator is one of the main tools that adds an extra layer of security by requiring users to verify their identity using their mobile device.

In this guide, we'll walk you through the steps to seamlessly integrate Microsoft Authenticator into your company's environment.

 

Step 1: Review Your Current Security Setup

Before starting this process, you will need time to review and assess your company’s current security setup by making note of any authentication methods currently configured and set in place and then you will need to identify any potential weaknesses or areas for improvement.

 

Step 2: Set Up Azure Active Directory

Microsoft Authenticator integrates seamlessly with Azure Active Directory or also called Azure AD, which is Microsoft's cloud based identity and access management service.

If you have not already done so, you will want to set up Azure AD for your organization. You can search online for Microsoft's documentation for guidance on how to create and configure an Azure AD tenant. 

A simple overview of the process goes like this:

• Sign into the https://portal.azure.com site
• Select Microsoft Entra ID
• Navigate to Identity > Overview > and select Manage Tenants
• Click on Create
• On the “Basics” tab, select the type of tenant you want to create.
• Then select the Next: Configuration option to move to the Configuration tab
• Complete the form on the screen by entering the company name in the Organization name field; the initial domain name, without the .com or anything; and then choose your country.
• Click on the “Review + create” button and review the information you had entered, click the Create button to finish.

That’s it, you just created your tenant in Azure!  It should be noted that the account you use to create the tenant will be the first user account added to the domain and it will have full global admin access for management.  It is highly recommended that you have more than one global administrator account, at least two and five is often the most that is recommended.  Too many cooks spoils the meal or something like that!

 

Step 3: Enable Multi-Factor Authentication

Once you have created your organizations Azure Active Directory, the next step is to enable multi-factor authentication, typically referred to MFA, for your users. With Azure Active Directory, you can enforce MFA policies that require your users to provide additional verification when signing in. This can include methods such as SMS codes, phone calls, or the Microsoft Authenticator app. The Microsoft Authenticator app is often the best and preferred method to implement.

 

Step 4: Install Microsoft Authenticator

Instruct your users to install the Microsoft Authenticator app on their mobile devices. The app is available for both iOS and Android devices and can be downloaded from the Google Play Store or Apple app store.

 

Once installed, users can very easily set up the app by following the instructions presented on screen.

 

Step 5: Configure Microsoft Authenticator

After installing the app, users will need to configure it to work with their account. This process is simple and involves scanning a QR code or entering a code provided during the setup process. Once configured, users can use the app to generate verification codes when prompted during sign-in.

 

Step 6: Test the Integration

Before fully deploying Microsoft Authenticator across your organization, it is best practice to roll out solutions to a test group to thoroughly test the integration to ensure everything is working correctly. Have a select group of users test the process and provide feedback on any issues they encounter.

 

Step 7: Roll Out to Your Organization

Once you have fully tested and are confident in the integration and have addressed any issues that were reported during testing, it's time to roll out Microsoft Authenticator to the rest of your organization.

Users will be presented with a screen similar to the example below on the device they are signing into (on the left) and using the authentication app (on the right) they will enter the code and tap on ‘Yes’ to continue logging in.

Always communicate the changes to your users and provide them with any necessary instructions or training materials!  You can even copy/paste part of this article to use as your instructions.